Saturday, 27 September 2008

Security account requirements for the configuration of Sharepoint 2007To install Office SharePoint Server 2007 in a server farm environment, at-least 2 accounts are required:A user account that you can use to install Office SharePoint Server 2007 and run the SharePoint Products and Technologies Configuration Wizard. This account must be: A domain user account.

A member of the Administrators group on each of your front-end servers. A member of the SQL Server Logins, which grants login access to your SQL Server instance. A member of the SQL Server Database Creator server role, which grants permission to create and alter databases. A member of the SQL Server Security Administrators server role, which grants permission to manage server logins.A unique domain user account that you can specify as the Office SharePoint Server 2007 service account. This user account is used to access your SharePoint configuration database. It also acts as the application pool identity for the SharePoint Central Administration application pool and it is the account under which the Windows SharePoint Services Timer service runs. The SharePoint Products and Technologies Configuration Wizard adds this account to the SQL Server Logins, the SQL Server Database Creator server role, and the SQL Server Security Administrators server role. It is recommended that you follow the principle of least privilege and do not make this user account a member of any particular security group on your front-end servers or your back-end servers.

Thursday, 25 September 2008

What is a Shared Service Provider?For those of you who don't know what I am talking about a bit of overview. In MOSS 2007 there is this new concept of Shared Services Providers(SSP). The idea being that there are certain services that really make sense to centrally manage and share. A good example being profiles. With a SSP we can import all of the profile information from AD once and then our various web applications can consume the data. So maybe we have http://marketing/ and http://accounting/ it doesn't make sense for each one to maintain identical profile information, they should share.The major services that are handled by the SSP are:Profiles and AudiencesMy SitesSearchAll of Excel ServicesAll of the BDC (Business Data Catalog)Below is an example screen shot from MOSS 2007 Enterprise:

Sometimes the easiest way to think of Shared Services is the Parent vs. Child relationship. The Parent (your SSP) goes out and does all of the work (pulling BDC data, indexing content, hosting My Sites) and the child (your web applications) come to the parents to ask for $5 (request data from the BDC, or view a calculated Excel sheet). Does that help?Multiple SSPsOne of the most overwhelming things about SSPs for some people planning is how many should I have? It is easy to see from the interface that you are given the opportunity to create more than one. When should you do this?As a general rule of thumb most companies will use one SSP. This is my default answer. So why do they give you the ability to run multiple SSPs? There are cases where you want separate search or profiles. The most common? Extranet/internet scenarios. Maybe your SharePoint farm hosts two primary web applications. http://portal/ for your intranet and http://ourcustomers/ for your extranet. In this scenario you probably want separate search and profiles. And now you have found the reason to have multiple SSPs. You don't want to share information you want unique information for both.Another advantage of SSPsSeparation of roles. In some medium and large environments it is not uncommon to have one group administering the physical server farm while another group needs to just maintain search. Well the SSP concept makes this very easy. Since the SSP is its own SharePoint site collection you can define a users access so they can NOT access central administration but they CAN access the SSP. And once they get into the SSP you can even limit them. Once inside the SSP you can determine if they can:Manage user profilesManage audiencesManage permissionsManage usage analyticsBest I can tell if you give them access to the SSP all of the other SSP functions they will have rights to. Guess it needs more testing.Still this separation of services from the actual administration of the server can be quite useful. Epically in companies where the less access I give a user the better.

You have heard a lot about WSS and SharePoint 2007 ,basically what is WSS ?Windows Share point Services (WSS) is a technology provided as an extension to Microsoft Windows 2003 (and above). WSS provides a platform for collaboration applications, offering a common framework for document management and a common repository for storing documents of all types.

Office SharePoint Server 2007 builds on top of Windows SharePoint Services 3.0, rather its an additional layer to provide capabilities including collaboration, portal, search, enterprise content management, business process and forms, and business intelligence.